UMB IT Patch Management Policy
X-99.13(A) | Information Technology | Approved | Last Reviewed April 30, 2024
Responsible VP/AVP: Peter J. Murray, PhD, CAS, MS
Applies to: Staff
Policy Statement
Patch and vulnerability management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. The expected result is to reduce the time and money spent dealing with vulnerabilities and exploitation of those vulnerabilities. Proactively managing vulnerabilities of systems will reduce or eliminate the potential for exploitation and involve considerably less time and effort than responding after exploitation has occurred.
Computer operating systems from all manufacturers are susceptible to programming flaws that can introduce security risks. Occasionally, one of those flaws permits a hacker to compromise those systems. A compromised computer threatens the integrity of the network and all computers connected to it. Therefore, all systems connected to the campus network must have up-to-date critical security patches applied.
Purpose
To ensure systems do not pose an unmanaged security risk for the campus by ensuring applicable and required security patches are applied in a timely and effective manner.
Scope
This policy applies to every workstation physically (including wireless) connected to any part of the campus network.
Responsibilities
To comply with the USM Guidelines in Response to the State IT Security Policy, which requires USM institutions to implement formal controls on all institutionally owned systems that store and/or access nonpublic information.
Compliance
Implement a systematic, accountable, and documented process for managing exposure to vulnerabilities through the timely deployment of patches.